Overview
- Description
- Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The endpoint does not filter URLs, which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-918
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "358DA8A0-B9ED-4A34-9137-FF09D7AFD94D",
            "versionEndExcluding": "6.6.177",
            "versionStartIncluding": "6.3.1"
          },
          {
            "criteria": "cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2230FE-1533-4B8A-9C5B-771DFBD0C492",
            "versionEndExcluding": "6.7.54",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84304CD1-C71F-481B-9C4A-16157206A677",
            "versionEndExcluding": "6.8.15",
            "versionStartIncluding": "6.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]